This invention relates to copy protection of software on publicly-distributed diskettes through the use of an encryption technique which authenticates a uniquely-identified computing system as the one on which the software has originally been installed.
Computing and the use of computers is no longer limited exclusively to large businesses and scientific or technical organizations. Computers are now widely employed by individuals to conduct the everyday transactions necessary to the lives of those individuals. A large personal computing industry has sprung up as a result.
The personal computing industry includes not only the production and marketing of hardware (personal computers), but also development and commercial distribution of software.
The software sector of the personal computing industry is marked by fierce competition and predatory practices. The possible consequences of copyright, trademark, and patent infringement have as little effect in dissuading the illegal reproduction, distribution and use of retail software as do commonly-acknowledged ideals of personal property and fair play. Elaborate schemes have been hatched to prevent illegal copying of software from diskettes. These efforts are directed not only at software pirates who operate as illegal, secondary suppliers of software, but also at individuals who permit casual, but illegal copying of software which they legally own.
The efforts to prevent illegal copying of personal computing software distributed in the form of diskettes are lumped under the term "copy protection." In view of the substantial and continuing black market in illegal personal computing software, additional effective schemes for copy protection are desperately needed. Further, it would be desirable also to provide a deterrent to use which is illegal, but which may not include copying.
The term copy protection includes a host of techniques aimed at the detection and prevention of illegal copying. These are known and widely reported One technique involves insertion into software of artifacts whose locations are randomly determined when the software is initially placed on a diskette, and which can only be reproduced under the original copying conditions. When illegal copying is attempted, the artifacts are obliterated; their absence is detected by a process in the software which reacts by altering the software program
Another approach to copy protection involves the use of encryption to encrypt all or part of a mass-marketed software distributed on diskette form. In this regard, because of the prohibitive cost of encrypting and decrypting all of the software which is to be protected, encryption of an entire program is usually limited to certain main frame systems.
Encryption is well understood in both its theoretical and practical aspects. Reference is given to: Massachusetts Institute of Technology document MIT/LCS/TM-82 entitled "A Method for Obtaining Digital Signatures in Public-Key Cryptosystems," authored by Rivest et al.; a publication authored by Merkle et al. and distributed by the Department of Electrical Engineering, Stanford University, entitled "Hiding Information and Receipts in Trap Door Knapsacks"; "New Directions in Cryptography" from IEEE TRANSACTIONS ON INFORMATION THEORY, Volume IT-22, No. 6 November 1976, by Diffie et al.; and the article entitled "Password Authentication With Insecure Communication," COMMUNICATlONS OF THE ACM, Volume 24, No. 11, November 1981 by Lamport. It is understood that many modifications of encryption are available, including public-key encryption.
Utilization of encryption to protect data carried in a portable data storage medium is found in U.S. Pat. No. 4,453,074 of Weinstein. The Weinstein patent discloses use of a password referenced to the personal characteristics of the possessor of a "credit card." This patent concerns the encryption of the concatenation of the password with a non-secret reference text, with the encryption effected by the secret one of a key pair. The result of the encryption is placed on the credit card so that, when the credit card is presented to a terminal for conducting a transaction, the transaction is authorized by decryption of the concatenated words in the terminal and comparison of the decryption with the joinder of the password entered by the user and the non-secret reference text which is available to the terminal. In the Weinstein example, one appreciates the use of encryption simply to gain entree to a system through a portable means (a credit card). In Weinstein the only use of encryption is to disguise the key unlocking the gate of access to the system; once access is gained, a transaction is conducted through the exchange of unencrypted data.
Other examples of cryptographically controlled access to computing resources are provided in U.S. Pat. No. 4,649,233 of Bass et al. and U.S. Pat. No. 4,590,470 of Koenig. However, neither of these examples use an encrypted key to limit the use of diskette-distributed software to authorized hardware which is under the control of a software user, rather than the software distributor.